/**
 * OWASP GoatDroid Project
 * 
 * This file is part of the Open Web Application Security Project (OWASP)
 * GoatDroid project. For details, please see
 * https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project
 *
 * Copyright (c) 2011 - The OWASP Foundation
 * 
 * GoatDroid is published by OWASP under the GPLv3 license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 * 
 * @author Jack Mannino, nVisium Security (https://www.nvisiumsecurity.com)
 * @created 2011
 */
package org.owasp.goatdroid.fourgoats.webservice.register;

import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.owasp.goatdroid.fourgoats.webservice.Constants;
import org.owasp.goatdroid.fourgoats.webservice.Salts;
import org.owasp.goatdroid.fourgoats.webservice.base.BaseDAO;
import org.owasp.goatdroid.fourgoats.webservice.login.LoginUtils;

import com.mysql.jdbc.Connection;

public class RegisterDAO extends BaseDAO {

	public RegisterDAO() throws InstantiationException, IllegalAccessException,
			ClassNotFoundException, SQLException {
		Class.forName("com.mysql.jdbc.Driver").newInstance();
		conn = (Connection) DriverManager
				.getConnection(Constants.DB_CONNECTION_STRING);
	}

	public boolean doesUserExist(String userName) throws SQLException {

		String sql = "select userName from users where userName = ?";
		PreparedStatement selectStatement = (PreparedStatement) conn
				.prepareCall(sql);
		selectStatement.setString(1, userName);
		ResultSet rs = selectStatement.executeQuery();
		if (rs.next())
			return true;
		else
			return false;
	}

	public void insertNewUser(String firstName, String lastName,
			String userName, String password) throws SQLException {

		String sql = "insert into users (userName, password, firstName, "
				+ "lastName, userID, currentBadgeID, lastLatitude, "
				+ "lastLongitude, lastCheckinTime, numberOfCheckins, "
				+ "numberOfRewards, isAdmin, autoCheckin, isPublic) values "
				+ "(?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
		PreparedStatement insertStatement = (PreparedStatement) conn
				.prepareCall(sql);
		insertStatement.setString(1, userName);
		insertStatement.setString(2, LoginUtils.generateSaltedSHA512Hash(
				password, Salts.PASSWORD_HASH_SALT));
		insertStatement.setString(3, firstName);
		insertStatement.setString(4, lastName);
		insertStatement.setString(5, LoginUtils.generateSaltedSHA256Hash(
				userName + LoginUtils.getTimeMilliseconds(),
				Salts.USER_ID_GENERATOR_SALT)); // generates the
		// userID unique
		// identifier
		insertStatement.setString(6, ""); // currentBadgeID
		insertStatement.setString(7, "0"); // latitude
		insertStatement.setString(8, "0"); // longitude
		insertStatement.setString(9, ""); // lastCheckinTime
		insertStatement.setInt(10, 0); // numberOfCheckins
		insertStatement.setInt(11, 0); // numberOfRewards
		insertStatement.setBoolean(12, false); // isAdmin
		insertStatement.setBoolean(13, true); // autoCheckin
		insertStatement.setBoolean(14, true); // isPublic
		insertStatement.executeUpdate();
	}
}
